Writing secure plugins

WordPress plugins are infinitely powerful. This power makes WordPress great, but it also gives plugin developers the ability to shoot themselves (and the users of their plugins) in the foot. This technical and code-heavy presentation will teach plugin developers the skills they need to write plugins that will never be a security liability to their clients and users.

You’ll learn the functions to use, when to use them, attitudes and best practices to avoid security holes, as well as explanations of why they are holes — which will hopefully help hone your sense of skepticism so that you can stay ahead of the curve and start protecting against tomorrow’s attack vectors. I will also be holding an unconference workshop session on plugin security where we can go through your plugin code and identify problem areas. I normally charge lawyerly rates for this kind of code review — you should definitely take advantage! I’ll announce the time and place of that workshop session during the main security talk session, which is at 1:30pm on Saturday.